For the last 3 weeks we have been tracking a malware campaign that has been compromising thousands of WordPress sites with the VisitorTracker malware code. We initially posted some details about this issue on this blog post: WordPress Malware – Active VisitorTracker Campaign, but as the campaign and the malicious code have evolved, we decided to provide […]
Tag Archives: WordPress Security
WordPress Malware – Active VisitorTracker Campaign
We are seeing a large number of WordPress sites compromised with the “visitorTracker_isMob” malware code. This campaign started 15 days ago, but only in the last few days have we started to see it gain traction, really affecting a large number of sites. We initially shared our thoughts on it via our SucuriLabs Notes, but as the […]
WordPress Brute Force Attacks – 2015 Threat Landscape
One of the first server-level compromises I had to deal with in my life was around 15 years ago, and it was caused by an SSH brute force attack. A co-worker set up a test server and chose a very weak root password. A few days later, the box was compromised and the attackers installed […]
Wigo Means Bingo for Blackseo Agent
This week my colleague Peter Gramantik showed me a few infected sites that had very similar code embedded in the WordPress index.php files:
if (eregi('-dbst',$_SERVER['REQUEST_URI'])) { error_reporting(0); include ('license.txt'); exit(); }
The code is very simple. It checks if a page URL has “-dbst” appended to the URL and executes code from an included file. At […]
Persistent XSS Vulnerability in WordPress Explained
Security Risk: Dangerous
Exploitation level: Easy
DREAD Score: 6/10
Vulnerability: Persistent XSS
Patched Version: 4.2.4
Last week the WordPress team released a patch that fixed 6 security vulnerabilities. Of the six, you’ll find one that we identified a few months back.
Vulnerability Disclosure Timeline:
May 6th, 2015 – Initial report to WordPress security team
May […]
Ask Sucuri: How did my WordPress Website get Hacked? – A Tutorial
With the proliferation of Infrastructure and Platform as a Service providers, it is no surprise that a majority of today’s websites are hosted in the proverbial cloud. This is great because it allows organizations and individuals alike to quickly deploy their websites, with relatively little overhead on their own infrastructure/systems. While there are so many […]
WP-CLI Guide: Install WordPress via SSH
This is our fourth post on using WP-CLI to manage WordPress securely over SSH. In our first post we showed you how to connect to WordPress over SSH. The second post had you typing a few commands to back up and update the WordPress core and database. We also covered a few commands in our third […]
WP-CLI Guide: Secure Plugin & Theme Management
Welcome to our third post on WP-CLI for secure WordPress management over an SSH command line interface. In our previous two articles, we discussed how to connect to WordPress over SSH, and then how to back up & update WordPress securely. Like other open-source content management systems, WordPress lets you easily add code to make […]
SweetCaptcha Returns Hijacking Another Plugin
Yesterday we observed a strange, short return of the SweetCaptcha plugin to the WordPress.org repository. In June we reported that SweetCaptcha injected third-party ad code into their scripts, which led to malvertising problems on the sites that used this CAPTCHA service. After that incident, the SweetCaptcha WordPress plugin had been removed from the official plugin repository. […]
WP-CLI Guide: Secure WordPress Backup and Update
Welcome to our second post in the series on WP-CLI for WordPress management over SSH. In our previous post, we discussed how to get your SSH credentials and use WP-CLI to connect to your website over the command line. Before we get into changing anything, we’ll show you how to back up your database and compress […]